most of change request defined here already addressed commit-by-commit in this PR
there's change request that asking set plugin_directory.yml URL at runtime. I put it as a FIXME here: My main concern is, it probably open a security attack? Maybe instead of pass file URL via request parameter, we list them in database instead?
Support for github and cloudsmith would be done in next PR (along with new plugin URL configuration. discussed in slack)
There's no SHA1 cache (no sha1.yml support). SHA verification done by downloading .jar.sha1 . Question: should we cache them? Yeah there's network overhead, but that's only small size.
This PR address this issue: https://github.com/killbill/technical-support/issues/93
plugin_directory.ymlURL at runtime. I put it as a FIXME here: My main concern is, it probably open a security attack? Maybe instead of pass file URL via request parameter, we list them in database instead?